What the vulnerability does

01Description

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Key dates

02Disclosure timeline

August 23, 2022 CVE published
August 3, 2024 Record updated